Verification of replica failed while adding new Domain Controller
One of my customer have domain controler on Windows Server 2012 with schema 2008R2, my mission was update domain to the latest schema 2019 with two Domain Controllers on OS WS 2019.
When i stared the „Promote this server to a domain controller“ i got an error : „erification of replica failed. The specified domain [DomainName] is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.“
- The first thing is : check if the File Replication Service is still running and enable
- The second thing is: check if there is any SYSVOL_DFSR folder in the Windows directory. If there is, then you are using DFSR replication service.
- In my case the service FRS is running but i dont have any SYSVOL_DFSR folder.
Solution : Migration FRS to DFSR SYSVOL
Please before start migration FRS to DFSR ensure that you have backup or replica of your Domain Controllers.
Prerequisites – check following:
- dcdiag /e /c
- repadmin /replsum
- repadmin /showrepl
- if your Domain Functional level is 2008 and higher
- Dcdiag /e /test:sysvolcheck /test:advertisingDcdiag
Now we can start this 3 states:
- State 1 (PREPARED state) – In this state, the content of the SYSVOL folder is copied by the DFSR service into a newly created folder called SYSVOL_DFSR. This is also located under the Windows root. At this stage of the migration process, the main replication engine for the SYSVOL share is still FRS.
- State 2 (REDIRECTED state) – In this state the SYSVOL share is redirected to SYSVOL_DFSR for client use. The DFSR service takes over the old service and becomes the main replication engine for all domain controllers in the domain. FRS is still running and replicating the SYSVOL share.
- State 3 (ELIMINATED sate) – In this state the SYSVOL share is removed and the FRS service is stopped and set to disabled on all domain controllers in the domain.
State 1
log in on one of the domain controller which hold PDC role and start State 1. To check migration status use the command „dfsrmig /getmigrationstate“
PS C:\Users\kalabis> Dfsrmig /setglobalstate 1
Current DFSR global state: 'Start'
New DFSR global state: 'Prepared'
Migration will proceed to 'Prepared' state. DFSR service will
copy the contents of SYSVOL to SYSVOL_DFSR
folder.
If any domain controller is unable to start migration, try manual polling.
Or run with option /CreateGlobalObjects.
Migration can start anytime between 15 minutes to 1 hour.
Succeeded.
PS C:\Users\kalabis> dfsrmig /getmigrationstate
The following domain controllers have not reached Global state ('Prepared'):
Domain Controller (Local Migration State) - DC Type
===================================================
SRV-DC1 ('Start') - Primary DC
SRV-DC2 ('Start') - Writable DC
Migration has not yet reached a consistent state on all domain controllers.
State information might be stale due to Active Directory Domain Services latency.
after 5 mins, depends on infrastructure
PS C:\Users\kalabis> dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state ('Prepared').
Migration has reached a consistent state on all domain controllers.
Succeeded.
On every domain contoller is created SYSVOL_DFSR in Windows root folder and SYSVOL share contetn being copied here.
State 2
PS C:\Users\kalabis> dfsrmig /setglobalstate 2
Current DFSR global state: 'Prepared'
New DFSR global state: 'Redirected'
Migration will proceed to 'Redirected' state. The SYSVOL share
will be changed to SYSVOL_DFSR folder,
which is replicated using DFSR.
Succeeded.
PS C:\Users\kalabis> dfsrmig /getmigrationstate
The following domain controllers have not reached Global state ('Redirected'):
Domain Controller (Local Migration State) - DC Type
===================================================
SRV-DC1 ('Prepared') - Primary DC
SRV-DC2 ('Prepared') - Writable DC
Migration has not yet reached a consistent state on all domain controllers.
State information might be stale due to Active Directory Domain Services latency.
PS C:\Users\kalabis> dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state ('Redirected').
Migration has reached a consistent state on all domain controllers.
Succeeded.State 3
PS C:\Users\kalabis> dfsrmig /setglobalstate 3
Current DFSR global state: 'Redirected'
New DFSR global state: 'Eliminated'
Migration will proceed to 'Eliminated' state. It is not possible
to revert this step.
If any read-only domain controller is stuck in the 'Eliminating' state for too long
run with option /DeleteRoNtfrsMember.
Succeeded.
PS C:\Users\kalabis> dfsrmig /getmigrationstate
All domain controllers have migrated successfully to the Global state ('Eliminated').
Migration has reached a consistent state on all domain controllers.
Succeeded.
State 3 takes less time than state 1 & 2. The SYSVOL foleder is gone from Windows directory.
And service File Replication is stopped and set to Disabled.
Check GPO and use the commands which was used in Prerequisites.
Yes ! Migration FRS to DFSR SYSVOL was successfully migrated !